{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,30]],"date-time":"2026-01-30T01:09:37Z","timestamp":1769735377409,"version":"3.49.0"},"publisher-location":"New York, NY, USA","reference-count":35,"publisher":"ACM","license":[{"start":{"date-parts":[[2023,11,26]],"date-time":"2023-11-26T00:00:00Z","timestamp":1700956800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2023,11,26]]},"DOI":"10.1145\/3605762.3624427","type":"proceedings-article","created":{"date-parts":[[2023,11,23]],"date-time":"2023-11-23T04:01:12Z","timestamp":1700712072000},"page":"23-28","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":6,"title":["Towards a Better Super-App Architecture from a Browser Security Perspective"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0001-3334-9327","authenticated-orcid":false,"given":"Yue","family":"Wang","sequence":"first","affiliation":[{"name":"Ant Group, Hangzhou, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0004-1047-2949","authenticated-orcid":false,"given":"Yao","family":"Yao","sequence":"additional","affiliation":[{"name":"Ant Group, Hangzhou, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6887-1422","authenticated-orcid":false,"given":"Shangcheng","family":"Shi","sequence":"additional","affiliation":[{"name":"Ant Group, Hangzhou, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0004-3121-827X","authenticated-orcid":false,"given":"Weiting","family":"Chen","sequence":"additional","affiliation":[{"name":"Ant Group, Hangzhou, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0002-5659-1471","authenticated-orcid":false,"given":"Lin","family":"Huang","sequence":"additional","affiliation":[{"name":"Ant Group, Beijing, China"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2023,11,26]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jlap.2013.05.001"},{"key":"e_1_3_2_1_2_1","volume-title":"An Evaluation of the Google Chrome Extension Security Architecture. In 21st USENIX Security Symposium (USENIX Security 12)","author":"Carlini Nicholas","year":"2012","unstructured":"Nicholas Carlini , Adrienne Porter Felt , and David Wagner . 2012 . An Evaluation of the Google Chrome Extension Security Architecture. In 21st USENIX Security Symposium (USENIX Security 12) . USENIX Association, Bellevue, WA, 97-- 111. https:\/\/www.usenix.org\/conference\/usenixsecurity12\/technical-sessions\/ presentation\/carlini Nicholas Carlini, Adrienne Porter Felt, and David Wagner. 2012. An Evaluation of the Google Chrome Extension Security Architecture. In 21st USENIX Security Symposium (USENIX Security 12). USENIX Association, Bellevue, WA, 97-- 111. https:\/\/www.usenix.org\/conference\/usenixsecurity12\/technical-sessions\/ presentation\/carlini"},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243823"},{"key":"e_1_3_2_1_4_1","unstructured":"Chrome. 2023. Google Chrome Browser. Retrieved 2023 from https:\/\/www. google.com\/chrome\/  Chrome. 2023. Google Chrome Browser. Retrieved 2023 from https:\/\/www. google.com\/chrome\/"},{"key":"e_1_3_2_1_5_1","unstructured":"Google. 2023. WebView. Retrieved June 7 2023 from https:\/\/developer.android. com\/reference\/android\/webkit\/WebView  Google. 2023. WebView. Retrieved June 7 2023 from https:\/\/developer.android. com\/reference\/android\/webkit\/WebView"},{"key":"e_1_3_2_1_6_1","unstructured":"Apple Inc. 2023. JavaScriptCore. Retrieved 2023 from https:\/\/developer.apple. com\/documentation\/javascriptcore  Apple Inc. 2023. JavaScriptCore. Retrieved 2023 from https:\/\/developer.apple. com\/documentation\/javascriptcore"},{"key":"e_1_3_2_1_7_1","unstructured":"Apple Inc. 2023. Safari Browser. Retrieved 2023 from https:\/\/www.apple.com\/ safari\/  Apple Inc. 2023. Safari Browser. Retrieved 2023 from https:\/\/www.apple.com\/ safari\/"},{"key":"e_1_3_2_1_8_1","unstructured":"Google LLC. 2023. V8 (JavaScript engine). Retrieved 2023 from https:\/\/v8.dev\/  Google LLC. 2023. V8 (JavaScript engine). Retrieved 2023 from https:\/\/v8.dev\/"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/3372297.3417255"},{"key":"e_1_3_2_1_10_1","volume-title":"Content Security Policy (CSP). Retrieved","author":"MDN.","year":"2023","unstructured":"MDN. 2023. Content Security Policy (CSP). Retrieved July 7, 2023 from https: \/\/developer.mozilla.org\/en-US\/docs\/Web\/HTTP\/CSP MDN. 2023. Content Security Policy (CSP). Retrieved July 7, 2023 from https: \/\/developer.mozilla.org\/en-US\/docs\/Web\/HTTP\/CSP"},{"key":"e_1_3_2_1_11_1","volume-title":"Retrieved","author":"MDN.","year":"2023","unstructured":"MDN. 2023 . Introduction to the DOM . Retrieved May 21, 2023 from https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/API\/Document_Object_ Model\/Introduction MDN. 2023. Introduction to the DOM. Retrieved May 21, 2023 from https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/API\/Document_Object_ Model\/Introduction"},{"key":"e_1_3_2_1_12_1","volume-title":"Permissions: revoke() method. Retrieved","author":"MDN.","year":"2023","unstructured":"MDN. 2023. Permissions: revoke() method. Retrieved April 8, 2023 from https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/API\/Permissions\/revoke MDN. 2023. Permissions: revoke() method. Retrieved April 8, 2023 from https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/API\/Permissions\/revoke"},{"key":"e_1_3_2_1_13_1","volume-title":"Same-origin policy. Retrieved","author":"MDN.","year":"2023","unstructured":"MDN. 2023. Same-origin policy. Retrieved July 4, 2023 from https:\/\/developer. mozilla.org\/en-US\/docs\/Web\/Security\/Same-origin_policy MDN. 2023. Same-origin policy. Retrieved July 4, 2023 from https:\/\/developer. mozilla.org\/en-US\/docs\/Web\/Security\/Same-origin_policy"},{"key":"e_1_3_2_1_14_1","volume-title":"Secure contexts. Retrieved","author":"MDN.","year":"2023","unstructured":"MDN. 2023. Secure contexts. Retrieved Jul 4, 2023 from https:\/\/developer.mozilla. org\/en-US\/docs\/Web\/Security\/Secure_Contexts MDN. 2023. Secure contexts. Retrieved Jul 4, 2023 from https:\/\/developer.mozilla. org\/en-US\/docs\/Web\/Security\/Secure_Contexts"},{"key":"e_1_3_2_1_15_1","volume-title":"Retrieved","author":"MDN.","year":"2023","unstructured":"MDN. 2023 . The web and web standards . Retrieved August 22, 2023 from https:\/\/developer.mozilla.org\/en-US\/docs\/Learn\/Getting_started_with_the_ web\/The_web_and_web_standards MDN. 2023. The web and web standards. Retrieved August 22, 2023 from https:\/\/developer.mozilla.org\/en-US\/docs\/Learn\/Getting_started_with_the_ web\/The_web_and_web_standards"},{"key":"e_1_3_2_1_16_1","volume-title":"Retrieved","author":"MDN.","year":"2023","unstructured":"MDN. 2023 . Web APIs . Retrieved Feb 20, 2023 from https:\/\/developer.mozilla. org\/en-US\/docs\/Web\/API MDN. 2023. Web APIs. Retrieved Feb 20, 2023 from https:\/\/developer.mozilla. org\/en-US\/docs\/Web\/API"},{"key":"e_1_3_2_1_17_1","volume-title":"Retrieved","author":"Perri Lori","year":"2022","unstructured":"Lori Perri . 2022 . What Is a Superapp ? Retrieved September 28, 2022 from https:\/\/www.gartner.com\/en\/articles\/what-is-a-superapp Lori Perri. 2022. What Is a Superapp? Retrieved September 28, 2022 from https:\/\/www.gartner.com\/en\/articles\/what-is-a-superapp"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1145\/1536616.1536634"},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00058"},{"key":"e_1_3_2_1_20_1","volume-title":"Retrieved","author":"C.","year":"2022","unstructured":"W3 C. 2022 . MiniApp Standardization White Paper version 2 . Retrieved July, 2022 from https:\/\/www.w3.org\/TR\/mini-app-white-paper\/#api_and_component W3C. 2022. MiniApp Standardization White Paper version 2. Retrieved July, 2022 from https:\/\/www.w3.org\/TR\/mini-app-white-paper\/#api_and_component"},{"key":"e_1_3_2_1_21_1","unstructured":"W3C. 2023. Web Standards. Retrieved 2023 from https:\/\/www.w3.org\/standards\/  W3C. 2023. Web Standards. Retrieved 2023 from https:\/\/www.w3.org\/standards\/"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE48619.2023.00086"},{"key":"e_1_3_2_1_23_1","volume-title":"One Size Does Not Fit All: Uncovering and Exploiting Cross Platform Discrepant APIs in WeChat. In 32nd USENIX Security Symposium, USENIX Security 2023","author":"Wang Chao","year":"2023","unstructured":"Chao Wang , Yue Zhang , and Zhiqiang Lin . 2023 . One Size Does Not Fit All: Uncovering and Exploiting Cross Platform Discrepant APIs in WeChat. In 32nd USENIX Security Symposium, USENIX Security 2023 , Anaheim, CA, USA, August 9- 11 , 2023, Joseph A. Calandrino and Carmela Troncoso (Eds.). USENIX Association. https:\/\/www.usenix.org\/conference\/usenixsecurity23\/presentation\/wang-chao Chao Wang, Yue Zhang, and Zhiqiang Lin. 2023. One Size Does Not Fit All: Uncovering and Exploiting Cross Platform Discrepant APIs in WeChat. In 32nd USENIX Security Symposium, USENIX Security 2023, Anaheim, CA, USA, August 9- 11, 2023, Joseph A. Calandrino and Carmela Troncoso (Eds.). USENIX Association. https:\/\/www.usenix.org\/conference\/usenixsecurity23\/presentation\/wang-chao"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.48550\/arXiv.2306.08134"},{"key":"e_1_3_2_1_25_1","volume-title":"JavaScript engine. Retrieved","year":"2023","unstructured":"Wiki. 2023. JavaScript engine. Retrieved August 6, 2023 from https:\/\/en.wikipedia. org\/wiki\/JavaScript_engine Wiki. 2023. JavaScript engine. Retrieved August 6, 2023 from https:\/\/en.wikipedia. org\/wiki\/JavaScript_engine"},{"key":"e_1_3_2_1_26_1","volume-title":"Retrieved","year":"2023","unstructured":"wikipedia. 2023 . Browser Object Model . Retrieved May 22, 2023 from https: \/\/en.wikipedia.org\/wiki\/Browser_Object_Model wikipedia. 2023. Browser Object Model. Retrieved May 22, 2023 from https: \/\/en.wikipedia.org\/wiki\/Browser_Object_Model"},{"key":"e_1_3_2_1_27_1","volume-title":"Cross-origin resource sharing. Retrieved","year":"2023","unstructured":"wikipedia. 2023. Cross-origin resource sharing. Retrieved July 4, 2023 from https:\/\/en.wikipedia.org\/wiki\/Cross-origin_resource_sharing wikipedia. 2023. Cross-origin resource sharing. Retrieved July 4, 2023 from https:\/\/en.wikipedia.org\/wiki\/Cross-origin_resource_sharing"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1145\/2736277.2741630"},{"key":"e_1_3_2_1_29_1","volume-title":"Toward Principled Browser Security. In 14th Workshop on Hot Topics in Operating Systems (HotOS XIV). USENIX Association, Santa Ana Pueblo, NM. https:\/\/www.usenix.org\/conference\/hotos13\/session\/yang","author":"Yang Edward","year":"2013","unstructured":"Edward Yang , Deian Stefan , John Mitchell , David Mazi\u00e8res , Petr Marchenko , and Brad Karp . 2013 . Toward Principled Browser Security. In 14th Workshop on Hot Topics in Operating Systems (HotOS XIV). USENIX Association, Santa Ana Pueblo, NM. https:\/\/www.usenix.org\/conference\/hotos13\/session\/yang Edward Yang, Deian Stefan, John Mitchell, David Mazi\u00e8res, Petr Marchenko, and Brad Karp. 2013. Toward Principled Browser Security. In 14th Workshop on Hot Topics in Operating Systems (HotOS XIV). USENIX Association, Santa Ana Pueblo, NM. https:\/\/www.usenix.org\/conference\/hotos13\/session\/yang"},{"key":"e_1_3_2_1_30_1","unstructured":"Yuqing Yang Chao Wang Yue Zhang and Zhiqiang Lin. 2023. SoK: Decoding the Super App Enigma: The Security Mechanisms Threats and Trade-offs in OS-alike Apps. arXiv:2306.07495 [cs.CR]  Yuqing Yang Chao Wang Yue Zhang and Zhiqiang Lin. 2023. SoK: Decoding the Super App Enigma: The Security Mechanisms Threats and Trade-offs in OS-alike Apps. arXiv:2306.07495 [cs.CR]"},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/3548606.3560597"},{"key":"e_1_3_2_1_32_1","volume-title":"Identity Confusion in WebView-based Mobile App-in-app Ecosystems. In 31st USENIX Security Symposium (USENIX Security 22)","author":"Zhang Lei","year":"2022","unstructured":"Lei Zhang , Zhibo Zhang , Ancong Liu , Yinzhi Cao , Xiaohan Zhang , Yanjun Chen , Yuan Zhang , Guangliang Yang , and Min Yang . 2022 . Identity Confusion in WebView-based Mobile App-in-app Ecosystems. In 31st USENIX Security Symposium (USENIX Security 22) . USENIX Association, Boston, MA, 1597--1613. https:\/\/www.usenix.org\/conference\/usenixsecurity22\/presentation\/zhang-lei Lei Zhang, Zhibo Zhang, Ancong Liu, Yinzhi Cao, Xiaohan Zhang, Yanjun Chen, Yuan Zhang, Guangliang Yang, and Min Yang. 2022. Identity Confusion in WebView-based Mobile App-in-app Ecosystems. In 31st USENIX Security Symposium (USENIX Security 22). USENIX Association, Boston, MA, 1597--1613. https:\/\/www.usenix.org\/conference\/usenixsecurity22\/presentation\/zhang-lei"},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3460081","article-title":"A Measurement Study of Wechat Mini-Apps","volume":"5","author":"Zhang Yue","year":"2021","unstructured":"Yue Zhang , Bayan Turkistani , Allen Yuqing Yang , Chaoshun Zuo , and Zhiqiang Lin . 2021 . A Measurement Study of Wechat Mini-Apps . Proceedings of the ACM on Measurement and Analysis of Computing Systems 5 , 2 (2021), 1 -- 25 . Yue Zhang, Bayan Turkistani, Allen Yuqing Yang, Chaoshun Zuo, and Zhiqiang Lin. 2021. A Measurement Study of Wechat Mini-Apps. Proceedings of the ACM on Measurement and Analysis of Computing Systems 5, 2 (2021), 1--25.","journal-title":"Proceedings of the ACM on Measurement and Analysis of Computing Systems"},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.48550\/arXiv.2306.08151"},{"key":"e_1_3_2_1_35_1","volume-title":"The 33rd International Convention MIPRO. 1240--1245","author":"Krolo Jakov","year":"2010","unstructured":"Jakov Krolo , and Goran Dela?. 2010 . Security vulnerabilities in modern web browser architecture . In The 33rd International Convention MIPRO. 1240--1245 . Jakov Krolo, and Goran Dela?. 2010. Security vulnerabilities in modern web browser architecture. In The 33rd International Convention MIPRO. 1240--1245."}],"event":{"name":"CCS '23: ACM SIGSAC Conference on Computer and Communications Security","location":"Copenhagen Denmark","acronym":"CCS '23","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2023 ACM Workshop on Secure and Trustworthy Superapps"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3605762.3624427","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3605762.3624427","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T16:46:11Z","timestamp":1750178771000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3605762.3624427"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,11,26]]},"references-count":35,"alternative-id":["10.1145\/3605762.3624427","10.1145\/3605762"],"URL":"https:\/\/doi.org\/10.1145\/3605762.3624427","relation":{},"subject":[],"published":{"date-parts":[[2023,11,26]]},"assertion":[{"value":"2023-11-26","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}